Hello from the OT side!

Thursday 1 October 12:00 - 12:30, Red room

Daniel Kapellmann Zafra (FireEye)



Throughout the last 10 years, those in the nascent operational technology (OT) security community have consistently strived to highlight the unique characteristics that differentiate them from IT security professionals. Stressing the differences between the two communities has made it possible to increase awareness about the various challenges we face to protect industrial control systems (ICS) and critical infrastructure. However, recent analysis of major OT security incidents and attacker techniques, tactics and procedures (TTPs) shines a light on the need to re-evaluate this posture.

Most sophisticated OT attacks leveraged computers and servers, and the same or similar operating systems and protocols as used in IT as a conduit to their ultimate targets. This infrastructure served as an avenue for impacting physical assets or controlling physical processes. As a result, advanced skills from IT security professionals represent a unique opportunity for defenders and incident responders to explore and understand the intrusion methods, or TTPs, that take place in intermediary systems across the OT attack lifecycle.

In this talk, I will discuss a series of cases and war stories observed by our cyber physical threat intelligence team to showcase the impact of IT threats on OT security and highlight some challenges that can only be solved with both advanced IT security skills and a strong understanding of OT environments. This presentation seeks to encourage the audience to embrace a new perspective and bring their skills to task on some of the most compelling challenges of cyber physical security.

 


Daniel Kapellmann Zafra

Daniel Kapellmann works as a technical analysis manager for the FireEye Threat Intelligence cyber-physical team. A former Fulbright scholar, he holds a Master’s degree in information management from the University of Washington, specializing in information security and risk management. His background is multidisciplinary, with past work experience that ranges from consulting for the International Telecommunication Union and Mexican market research firm The Competitive Intelligence Unit, to IT planning & architecture for Puget Sound Energy. He is also a frequent speaker on novel industrial control systems (ICS) / operational technology (OT) topics at both local and international conferences, including RSA, Virus Bulletin UK, NATO’s CyCON (Estonia), DHS ICSJWG, AFPM Operations & Process Technology Summit, and ICS Village Hack the Capitol. In 2017, he was awarded first place in Kaspersky Academy Talent Lab's competition for designing an application to address security beyond anti-virus.

@Kapellmann


